Posted
by
timothyon Tuesday June 10, 2014 @10:40AM
from the complex-simple-same-thing dept.

Reader Bruce66423 (1678196) points out skeptical-sounding coverage at the Washington Post of the NSA's claim that it can't hold onto information it collects about users' online activity long enough for it to be useful as evidence in lawsuits about the very practice of that collection. From the article: 'The agency is facing a slew of lawsuits over its surveillance programs, many launched after former NSA contractor Edward Snowden leaked information on the agency's efforts last year. One suit that pre-dates the Snowden leaks, Jewel v. NSA, challenges the constitutionality of programs that the suit allege collect information about Americans' telephone and Internet activities.
In a hearing Friday, U.S. District for the Northern District of California Judge Jeffrey S. White reversed an emergency order he had issued earlier the same week barring the government from destroying data that the Electronic Frontier Foundation had asked be preserved for that case. The data is collected under Section 702 of the Amendments Act to the Foreign Intelligence Surveillance Act.
But the NSA argued that holding onto the data would be too burdensome. "A requirement to preserve all data acquired under section 702 presents significant operational problems, only one of which is that the NSA may have to shut down all systems and databases that contain Section 702 information," wrote NSA Deputy Director Richard Ledgett in a court filing submitted to the court.
The complexity of the NSA systems meant preservation efforts might not work, he argued, but would have "an immediate, specific, and harmful impact on the national security of the United States.'
Adds Bruce66423: "This of course implies that they have no backup system — or at least that the backup are not held for long."

Up till now for a decade the agencies just invoke "we're scary and secretive, we don't need to follow your puny little laws because of National Security but we need a billion dollars in next year's budget to build more systems to hold data forever and ever".

And you can bet they cherry pick their data so that they have ten years worth of people's email and Slashdot posts, but suddenly when a lawsuit comes along, suddenly that data vanishes. But then it becomes vital to an investigation! "Oh look, we found it again!"

My big ass hairy guess is the systems algorithms automatically controls what is stored and what is dropped without human intervention, and any real attempt to permanantly store any particular thing would mean basically shutting down the collection system. The size of the system the NSA is using would have to be mind-boggling, the amount of data coming in is staggering; new stuff has to be incoming faster than any backup could ever keep up with. It's highly likely that new stuff would over-write old stuff, m

While I'm sure there is plenty of NSA Skullduggery to go around, in this case the parent is probably right on the money. I'm sure someone had an aha moment with this one - they most likely can't even begin to store all of this data - yet. Probably only a small fraction of it.

Not sure about the auto industry, but banks and other financial institutions did spend untold billions on revamping their systems to comply with the new regulations. Working for them became horribly difficult — at least one client of mine had to hire a consultant, whose sole job was translating change-requests (such as: "We need to increase the JVM's memory limit of the risk-computing application") from engineer's English into regulation-compliant

But I did not mean that. The difficulties, to which I was originally referring, were caused by the Sarbanes Oxley Act [wikipedia.org], which made it painfully difficult to change even the slightest aspec

this is sounding like a punishment duty I unfortunately did not think about during my previous incarnation as an operations manager:) shame on me I guess. "hey, you are going to explain memory upgrade requirement for SAP on MS (I know I know, long story) platform from 16 GB to 64 GB to accounting!"

The banks, on the other hand, are very easy to "kill" — just stop using them. Unlike the government, they have no way to compel you.

Yes, "just" stop using them. Like we can "just" stop voting in all these rubbish politicians.

Most people can't stop doing business with them because they are already in debt and clearing that debt will take decades. Even if not in debt, not having a bank account and debit/credit card(s) and other financial services can cause you all manner of difficulties.

Banks, on top of providing essentially services, have built a money sucking machine. And they've made very sure to entangle the leeching part thoroughly i

Yes, "just" stop using them [banks]. Like we can "just" stop voting in all these rubbish politicians.

Unlike politicians, who impose themselves even upon those, who voted against them, banks have no power over you if you don't use them. You don't have to convince other people to stop using banks — just stop doing it yourself and you'll be free from them...

Most people can't stop doing business with them because they are already in debt

Nobody forces people into the debt. They take it voluntarily and are genuinely happy, when their applications are approved. Without banks, you'd have to save money for 10 years before buying a house. With banks, you can move-in right away and pay off in 15 years. Loans are a service, that banks provide to willing customers.

Banks, on top of providing essentially services, have built a money sucking machine

I'm not aware of this "money sucking machine". Could you, please, elaborate?

The only way to address this, without plunging the economy into chaos, is for the government to step in and untangle it

Unlike politicians, who impose themselves even upon those, who voted against them, banks have no power over you if you don't use them. You don't have to convince other people to stop using banks â" just stop doing it yourself and you'll be free from them...

Uhhhh... The global recession puts the lie to your notion that not doing business with banks means I'm free of their ill effects.

Nobody forces people into the debt. They take it voluntarily and are genuinely happy, when their applications are approved. Without banks, you'd have to save money for 10 years before buying a house. With banks, you can move-in right away and pay off in 15 years. Loans are a service, that banks provide to willing customers.

During the mortgage bubble, banks were doing several things1. Forging a higher stated income onto loan documents so they could lend more money2. Giving loans to people that they knew would not be able to afford it (NINA/NINJA loans [wikipedia.org])3. Offering minorities ARM loans or loans with much higher interest rates than they would offer to white borrowers with the same credit score.

Blaming the borrower ignores the mountains of evidence showing wildly illegal, fraudulent, and outright deceptive behavior by the loan industry.If you don't know this stuff, you must be willfully ignoring the facts as they've been reported.Even Fox News has been reporting on it.

The global recession puts the lie to your notion that not doing business with banks means I'm free of their ill effects.

Nope. You are only affected as much as you were involved with the banks — being there customer or an employee, or dealing with other people, who were. But the recession was not the bank's fault — rather it is that of the politicians, who forced banks (with the threat of "discrimination" lawsuits) to give money to unqualified borrowers [ornery.org].

I don't know about stupid and incompetent, but you're entirely wrong as to the fundamentals of the 2008 financial crisis.

It's nice to make this about individual responsibility, but that's just not what happened. You probably heard the terms "credit default swap" and "mortgage derivatives" but didn't understand them. Essentially what was happening was major financial companies found that they could package up a bunch of low-rated mortgage-backed securities, hide the information about the individual loans, an

Nope. You are only affected as much as you were involved with the banks â" being there customer or an employee, or dealing with other people, who were. But the recession was not the bank's fault â" rather it is that of the politicians, who forced banks (with the threat of "discrimination" lawsuits) to give money to unqualified borrowers.

1. The global recession caused millions of people to lose their jobs, for so long, that the government has been extending unemployment for years (up until recently)2. You're trotting out the long debunked claim that the Community Reinvestment Act caused this3. Your debunked claim is supported by... an essay from Orson Scott Card. I will rebut with the Minneapolis Federal Reserve Bank [minneapolisfed.org]

and if they're collecting too damn much information to hold it, let alone process it, then it's almost all GIGO. dump the assumptions and Orwell on your desk for reference, and narrow your search. the FBI never caught a bootlegger chasing the history of every barefoot kid on the street, either.

The difference is that the banks are being sued and the underlying data (loan records, underwriting guidelines, securities information, etc.) is being preserved and provided to plaintiffs and defendants. The NSA is refusing to do collection / preservation / discovery at all.

I imagine the problem is that these databases only hold collected data for a short period of time, say 30 or 90 days. The data scraped is massive, so it is constantly deleting old data to make way for more. IAA Intelligence Analyst, and I know of some imagery databases, for example, that only hold the last 30 days of imagery. If you forced them to hold all of it for years, it would mean increasing server space by orders of magnitude.

So, basically, your saying that they should just expect everybody to simply trust that what they're doing is entirely legal? Because the logistics of actually proving this is so difficult they can't do it?

I say horseshit to that.

We know the data they scrape is massive. What we don't know is that they're complying with the law in order to do it.

And I fail to see why the benefit of the doubt should be given in this case.

Sorry, but it's "trust, but verify", and if you can't verify, you can't bloody well trust. The whole point of these lawsuits is that they likely go beyond the scope of their legal mandate. Saying you couldn't possibly be bothered to hold onto the evidence the court has demanded is just too damned bad.

We arent 0-5 in wars since 1947
Actual Wars we have been in :
War of 1812
Mexican-American War
Civil War
Spanish-American War
World War I
World War II
Everything since World War II has been what is known as a "police action," those are:
Korean Conflict
Vietnam
Panama
Gulf War I
Bosnia
Afghanistan
Gulf War II
War has to be declared by Congress

That's a little rude. If we all restricted ourselves to commenting on subjects in which we are experts - slashdot would appear to be abandoned. Two or three people would comment on some subjects, other subjects might have fifteen people participating. And, whatever would happen to good old AC?

I imagine the problem is that these databases only hold collected data for a short period of time, say 30 or 90 days. The data scraped is massive, so it is constantly deleting old data to make way for more. IAA Intelligence Analyst, and I know of some imagery databases, for example, that only hold the last 30 days of imagery. If you forced them to hold all of it for years, it would mean increasing server space by orders of magnitude.

I totally get that their systems very likely need to purge inconsequential data to remain effective. However, if the court forced a private company to retain data under a court order, it wouldn't care one wit about whether that was feasible within the system or not. If the private company did not comply, their officers would be held in contempt.

Really? That's not what the NSA was instructed to do. The NSA was instructed to hold *some* information that was involved in a court case. They were not forced to hold it for years nor were they forced to hold everything. In fact when the NSA was asked to do so they did not say they couldn't do it. Instead they said they didn't think the hold order applied to the information they deleted.

Please stick to the topic on hand and not make up a scenario that did not happen.

Well, if I design a system and I can't prove that it complies with all of the laws that regulates my field then I'm not allowed to sell that system.If I sell it anyway then I will be fined. (Or possibly imprisoned if someone gets killed because of me not following the norms.)

If it is considered illegal when I design a system that is too complex to verify the legality of, why isn't it illegal for NSA?

So what? Nothing about that invalidates the grandparent's point, which is that if you as a government entity cannot prove that you have a legal basis for doing something, then it is assumed that you don't have a legal basis for it and you must stop doing it.

I think you are seriously overthinking this. Its very simple. They CAN save data. Period. How do I know? Its very simple here. Do you really believe that if they found credible data on a top Con Queso leader, that they would need to analyse it within a specific time frame before they lose it forever, or do you think they can flag it to be saved?

Very simple. Being able to do this is a basic requirement for them, so they can do it already, right now.

So any claim that they could not do this is so disingenuous on its face that it is ridiculous. If you claim in court that you can't be the rapist because you cut your penis off as a child, then at the VERY LEAST, you should fully expect to be dropping your pants in front of somebody who can verify this.

They may as well be claiming they don't use computers at all to do their work, the claim would be 100% every bit as credible.

Sarcasm aside I think you make an important point... Between the “state secrets” privilege and the apparent willingness of the NSA to engage in a wholesale violation of the US Constitution and lie to congress and the courts I seriously doubt it would be remotely possible for a court to narrowly "rule on the facts" of the particular case. Rather courts are going to have to rule on the law and the probability that the NSA is violating individual liberties and then issue injunctions which give the government and the NSA and US government future instructions that the 4th amendment applies to their surveillance activities in the US despite whatever the Patriot Act might be interpreted to mean... meaning the courts will have to issue rulings based on what is permissible rather than issuing narrow injunctions against particular acts.

So for instance the court should simply rule that for the NSA to force companies to hand over business records including communications logs and the like that they need a warrant that complies with the 4th amendment and is issued: "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

Well, if we still had a representative democracy, we'd just set NSAs budget to 0 and the problem would vanish. But half the congresscritters would shriek at any suggestion of reducing any government spending in any way, and the other half would claim that would mean the terrists win, so we'll just continue our slide into totalitarianism.

If you can't have your data available to demonstrate what you're doing it lawful, and you are going to delete it, then only reasonable conclusion is what you are doing cannot be proven lawful.

Therefore, the program is not lawful, and you need to stop.

So if you're not going to answer the questions to demonstrate your innocence, and your memory is fuzzy anyway, then the only reasonable conclusion is that you're guilty and therefore need to be thrown in jail?

So if you're not going to answer the questions to demonstrate your innocence, and your memory is fuzzy anyway, then the only reasonable conclusion is that you're guilty and therefore need to be thrown in jail?

No, I'm saying that when a court orders you to retain evidence as part of a legal proceeding in order that they can determine guilt or innocence, and you destroy the evidence... for the rest of us, that is a crime.

If their system is lawful, it should be possible to show evidence of that. If they kno

No, it's exactly the opposite of a dangerous precedent. Remember, we're talking about the government here, not the people, and the relationship between the government and the people (and other parts of the government) is explicitly adversarial (hence "checks and balances").

If it's appropriate for people to be presumed innocent until proven guilty, then it's equally appropriate for the government to be presumed guilty until proven innocent!

My driving skills are too complex to obey the speed limit.
Bernie Madoff's finances were too complex to obey SEC regulations.
God's will is too complex to charge priests as pedophiles.
Dzhokhar Tsarnaev's relationship with his brother is too complex to charge him in the bombing.

You buyin' any of that bullshit, NSA? Yeah, neither do we.

How about "Edward Snowden's political views are too complex to charge him with treason". You understand that?

I guess they really are making Skynet...
Seriously though, everything the NSA has said since this whole scandal started reeks of "The end justifies the means." They're basically a cartoon villain at this point.

No, Skynet as the world's collection of cellphones, and all of the other embedded processors with zillions of cycles available and a lot of spare time on their hands . . . . Seriously, half of us are walking around with more computer power PER DEVICE than the entire world was using on any given day in the 1960s. And we have our "real" computer at home. Even M$ couldn't waste all of that computational capacity. Do you think the push to hook them all together in an IoT is really coming from *humans*?????

So wait, the NSA's argument as to why their program is legal.. is that they're too incompetent to design a system that can follow the law. Shouldn't this be grounds to fire everyone at the NSA for incompetence, if this is the argument they're using?

So wait, the NSA's argument as to why their program is legal.. is that they're too incompetent to design a system that can follow the law. Shouldn't this be grounds to fire everyone at the NSA for incompetence, if this is the argument they're using?

Well, I'm not sure folks fully understand the issue and it's posts like this that really muddy the water.

The PROBLEM is that they simply collect too much data to have a prayer of being able to store and process it all. They are drowning in data and there is no practical way to store this data for any length of time so they routinely purge "old" data to make room. From news reports I've read in the past, I'm surmising that the raw data can only be kept for periods measured in days, maybe tens of days, befo

Precisely. If they were doing what a legitimate government agency should be doing---targeted investigation of crimes and threats to national security---there wouldn't be a problem.

Where that is the seemingly practical solution, the question becomes what is deemed a "collected" piece of data?

If you are sorting through all the internet traffic on a link collecting traffic to/from an IP, you will have to look at a packet's headers. Does looking at the packet header mean you "collected" the packet? After all, that packet was transferred into NSA equipment.

The thing that seems to be overlooked in all of the NSA illegality discussion is quite how much the recent revelations point to their incompetence. For example, consider Heartbleed. The NSA claims that they had no knowledge of it. If you assume that they're telling the truth, then this means that they either failed to identify OpenSSL as a critical piece of software to review (odd, given how much US and other government infrastructure uses it), or they did review it and still failed to find the vulnerabi

Exactly the opposite. They designed their system to comply with the law (delete the data). Now the EFF wants them to do something different (retain the data so they can peruse it). If you've ever worked a a big system you would know that a major requirements change like that cannot be implemented quickly or easily.

What I find most interesting here is the outrage we keep seeing on/. when a story is posted about search warrants that are too broad. But now the EFF has essentially requested a search warrant for everything the NSA has.

No, that's not true. The duty of preservation in a civil lawsuit is entirely different from a search warrant in a criminal investigation. And no, they didn't design the system to comply with the law. If they'd done that, they wouldn't allegedly have so much information that it can't be stored. They should be performing targeted searches related to actual criminal cases and threats to national security, not wholesale data mining on every man, woman, and child in the United States, regardless of how soon they

Then it's time to stop what you're doing. People's rights are more important hiding politicians' (and their benefactors') dirty laundry. What you're doing is undermining the fundamental principles that separate western democracy from the dark ages.

People's rights are more important hiding politicians' (and their benefactors') dirty laundry.

Why do you think that they are engaged in hiding politicians' dirty laundry? Why not assume that identifying and using that dirty laundry (to ensure support from those politicians) is part of the purpose of the data collection. What's the probability that the NSA doesn't have some dirt on Senator Feinstein?

Everything concerning the NSA has "an immediate, specific, and harmful impact on the national security of the United States."

Releasing any information has "an immediate, specific, and harmful impact on the national security of the United States."Saving any information has "an immediate, specific, and harmful impact on the national security of the United States."Any whistle blowers have "an immediate, specific, and harmful impact on the national security of the United States."Disagreeing with any official has "an immediate, specific, and harmful impact on the national security of the United States."Giving out the legal reasoning behing their operations has "an immediate, specific, and harmful impact on the national security of the United States."

Why have more people not clued in that the NSA is "an immediate, specific, and harmful impact on the national security of the United States."

they have damaged the reputation of their agencies simply by believing that none of their secrets would get out. My mom always told me that once more than one person knows something it is no longer a secret and will not be kept that way.

What is the "national security of the United States" anyway? Because last I checked, it amounts to military power. If I can put a boot in your ass, your intelligence telling you I'm coming to put a boot in your ass doesn't help.

The NSA, The CIA, the FBI and the Justice department have already been caught in BOLD FACED LIES in regards to their activities on dozens of occasions. The Presidents (both Obama and Bush) have gone on National Television and lied directly to the American people regarding this programs over and over and over again. Several NSA directors have gone in front of congress and lied while under oath. They were then called back and admitted that they're lied. You cannot trust anything they say at all. The only solution to this is to shut down the agency. They are willing to violate the law, the constitution, court order and even the will of the president. No regulatory reform or court order will be effective against an agency that thinks its charter is more important than obeying the law or will of the people. They fundamentally believe that your physical safety is more important than our individual rights. That is totalitarianism. It is not a belief that is compatible with democracy.

They fundamentally believe that your physical safety is more important than our individual rights.

I'd be more inclined to say that they value their own power and influence over your individual rights (I'm not American, and so have no rights in their eyes). If they really worried about your physical safety, they would be getting evidence on polluters, unsafe working conditions, social collapse, the prison industry, and all the other things that contribute to the decay of your quality of life.

They fundamentally believe that your physical safety is more important than our individual rights.

I'd be more inclined to say that they value their own power and influence over your individual rights (I'm not American, and so have no rights in their eyes). If they really worried about your physical safety, they would be getting evidence on polluters, unsafe working conditions, social collapse, the prison industry, and all the other things that contribute to the decay of your quality of life.

This is the problem with totalitarianism. When you're wrong, no one is allowed to disagree with you unless they're willing to move to Hong Kong or Moscow.

Impossible. It will just go deeper "underground", and move even more contraband than they do now to keep the money flowing. The entire government is going rogue and the submissive population will do nothing about it. This is the world we live in.

At the end of the day accountability is almost totally absent in the upper echelons of government. Sure, sure, somebody might resign months later after a complete cluster-fuck of a healthcare.gov web site but actual crimes like perjuring oneself while under oath? meh.. "I didn't understand the question" or "it was as truthy as I felt comfortable"

And any politician that did this would immediately be tarred as doing something that hurts America and helps The Terrorists. Since politicians are a spineless lot, always worried about being cast in a negative light, they will shy away from any real reform. Instead they will back "slap on the wrist" or "finger wagging" reform that looks to the public like real reform, but in reality does nothing.

It's the biggest system there is. There's nothing to 'back it up to', for various reasons. The letter of the (original) order can't be complied with, without shutting it off, and saving the current contents for the upcoming hearing (or trial). In the meantime, we have nothing as far as NSA protection goes. I get that.

That doesn't mean the the spirit of the order can't be complied with. Snapshots of sections, randomly chosen database blocks from among representative groups, a sampling of the most called routines; something. If it's a freaking computer, then there is some way that evidence can be gotten without bringing the system down, assuming cooperation on the part of the admins. I hope they are not getting off the hook.

Out of one side they will argue that they can't possibly store all this massive data they are collecting. And then they will turn around and blame the courts for needing more storage to store all this data they are collecting. See we can't stop spying on the American people... the courts are making us.

So if their system is too complex to obey the law....the short version of what they said is "We built a system without regard to the law" and "We broke the law". Thank you for the confession. Now its time to start dismantling and prosecuting thanks.

Aww, poor NSA, their systems are too complex for them to control according to the law? What a terrible 1st world problem to have! Fear not NSA, I have a solution that will take this horrible burden off your shoulders, and make the rest of us happy at the same time: simplify your goddamn systems to the point where you can 'control' them and be in accordance with the law. Either that or maybe we need to take a chainsaw to your 'systems' and just chop them down to a reasonable size. Here, here's an abacus, that's about all I'd trust you motherfuckers with at this point.

No actually they are saying that a big enough system to take and keep a backup of the data they collect doesn't exist. Which, if you think about it, seems reasonable if what we are told about the NSA's collection ability is actually true.

Since it would mean that they don't routinely hold onto this information for further analysis, future blackmail, etc. However, it seems far more likely that they are simply lying when they say they can't do this.

Shesh you guys have made the NSA into an all powerful, all knowing, all seeing boogeyman. Think about the "system" you describe and the huge amount of data that we KNOW the NSA routinely collects. Where I don't discount the possibility that the data could be used for blackmail, the problem you have is finding the data you need (the needle) in the huge data set they are collecting (the field of haystacks).

Do you load this in to some MySQL database so you can run an SQL query on it? Um, not if you want an

You act like it's some crazy notion that people in government would covertly collect information on private citizens for purposes of blackmail to "keep them in line"---not because those citizens are breaking any law, but because certain officials deem them to be dangerous to their own personal agendas and power structure. Have you ever heard of a guy named J. Edgar Hoover? Perhaps you should look into that.

The last piece is just what the civilians have access to. It came out of the intelligence community. You can guarantee that the NSA has something way more advanced and/or better optimized at this point. Specifically look at Conceptual Clustering and Categorization.

Their challenge is not going to be pulling the data out of the haystack. It is going to be having enough analysts to sort through the results and enough gui

How much data do you think they are collecting? A Lot right? Or why would anybody be up in arms? The NSA is the all knowing, all seeing boogeyman you know, so they have to collect nearly everything. You cannot archive that much stuff forever, certainly there will be limits on how much they can keep online.